fw sam_policy

Notes:

• These commands are interchangeable:

  • For IPv4: "fw sam_policy" and "fw samp".

  • For IPv6: "fw6 sam_policy" and "fw6 samp".

• You can run these commands in Gaia Clish, or Expert mode.

• Security Gateway stores the SAM Policy rules in the $FWDIR/database/sam_policy.db file.

• Security Gateway stores the SAM Policy management settings in the $FWDIR/database/sam_policy.mng file.

Important:

• Configuration you make with these commands, survives reboot.

• VSX mode does not support Suspicious Activity Policy configured in SmartView Monitor. See sk79700.

• In VSX mode, you must go to the context of an applicable Virtual System.

  • In Gaia Clish, run: set virtual-system <VSID>

  • In the Expert mode, run: vsenv <VSID>

• In a Cluster, you must configure all the Cluster Members in the same way.

Best Practice - The SAM Policy rules consume some CPU resources on Security Gateway. Set an expiration for rules that gives you time to investigate, but does not affect performance. Keep only the required SAM Policy rules. If you confirm that an activity is risky, edit the Security Policy, educate users, or otherwise handle the risk.